Hi,

while playing around with the ssh protocol I noticed that ssh2-enum-algos
lists different algorithms for kex_algorithms, encryption_algorithms and
mac_algorithms than what I get from the same ssh server.

I also made a test with ssh itself for encryption_algorithms and it showed
exactly the same list as I get with my own tool.
ssh2-enum-algos also shows aes256-cbc, which doesn't appear in my tool or in
the ssh client:

$ ./ssh-algorithms 1.2.3.4 22|grep ^enc|cut -d: -f2|tr , '\n'|sort
aes128-ctr
aes128-...@openssh.com
aes192-ctr
aes256-ctr
aes256-...@openssh.com
chacha20-poly1...@openssh.com

$ ssh -c aes256-cbc -p22 1.2.3.4
Unable to negotiate with 89.163.156.26 port 443: no matching cipher found. Their offer: chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com

$ ssh -c aes256-cbc -p22 1.2.3.4 2>&1|sed 's,.*Their offer: ,,'|tr , '\n'|sort
aes128-ctr
aes128-...@openssh.com
aes192-ctr
aes256-ctr
aes256-...@openssh.com
chacha20-poly1...@openssh.com

$ nmap --script ssh2-enum-algos 1.2.3.4 22 2>&1 |grep -A8 "encryption_algorithms"
|   encryption_algorithms: (7)
|       aes256-...@openssh.com
|       chacha20-poly1...@openssh.com
|       aes256-ctr
|       aes256-cbc                     <=====
|       aes128-...@openssh.com
|       aes128-ctr
|       aes128-cbc
|   mac_algorithms: (8)

Am I missing something or is this a bug?

best regards,
Frank

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at https://seclists.org/nmap-dev/
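
For comparing what two tools report, as in the message above, this added example (not Frank's ssh-algorithms tool and not the Nmap script's code) parses the SSH_MSG_KEXINIT payload laid out in RFC 4253 section 7.1 and diffs one name-list between two captures. The function names and both sample payloads are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
KEXINIT_FIELDS = [
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
]

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload (binary packet framing already removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos = 17  # skip the message type (1 byte) and the random cookie (16 bytes)
    lists = {}
    for name in KEXINIT_FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + name)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload: " + name)
        raw = payload[pos:pos + length].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += length
    return lists

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed KEXINIT payload for the demo (all-zero cookie)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in KEXINIT_FIELDS:
        data = ",".join(lists.get(name, [])).encode("ascii")
        out += struct.pack(">I", len(data)) + data
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def diff_offers(a: dict, b: dict, field: str):
    """Return (only_in_a, only_in_b) for one name-list, each sorted."""
    sa, sb = set(a[field]), set(b[field])
    return sorted(sa - sb), sorted(sb - sa)

# Constructed sample data: two captures whose server-to-client cipher offers differ.
ENC = "encryption_algorithms_server_to_client"
CAPTURE_A = build_kexinit({ENC: ["aes128-ctr", "aes192-ctr", "aes256-ctr"]})
CAPTURE_B = build_kexinit({ENC: ["aes256-ctr", "aes256-cbc", "aes128-ctr", "aes128-cbc"]})

if __name__ == "__main__":
    print(diff_offers(parse_kexinit(CAPTURE_A), parse_kexinit(CAPTURE_B), ENC))
```

The payload passed in is the packet body after the SSH binary packet length and padding fields are stripped; each direction has its own name-list, so compare the same field on both sides.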
